Relevant Version

3.0 - 3.2


Summary

When creating an Image Assurance Policy, select the 'Block Unregistered Images' control. This control prevents an image container, that is considered unregistered by Aqua, from starting. A registered image relates to the image being known to Aqua and having a scan digest. You can then associate a prefix or label to this control to allow specific images, regardless of their registered status.


Usage

The prefix section allows for multiple prefixes to be used and it is applied with the regex, 'Starts with and includes' to whitelist images, regardless of the registration status. In other words, for an image to meet this criteria, the prefix must contain a portion of the specific image name, from the first character until the end of the prefix string. There is an implied wildcard at the end of the prefix, indicating that as long as the prefix is satisfied, the rest of the image name string is irrelevant. See the examples below of how this looks written and what it means to the product.


Prefixes:

us.east.registry.com/produ

us.north.regis

us.east.registry.com/production/


Whitelisted Images:

us.east.registry.com/produ*

us.north.regis*

us.east.registry.com/production/*


Related Information

Block Unregistered Images Documentation